Answer Wiki

Yes it is true. All you need is a WiFi card with capturing capability, the most commercialized brands do that (PRISM, Atheros, Broadcom and even some intel). After that a linux box running kismet, aircrack, airdump and aireplay. We did some tests here with our own AP and when there is alot of traffic flowing it can take less than 3 minutes.

I agree to TechTarget's Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Processing your response...

Discuss This Question: 6 &nbspReplies

There was an error processing your information. Please try again later.

I agree to TechTarget's Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

As I understand it, the site broadcasting the SSID generally isn't the problem. The problem usually tends to be the devices that want to connect to a non-broadcast SSID -- they tend to broadcast the SSID repeatedly when they are out of range and searching for it. All it takes is one improperly configured device to give it all away.
It seems easier to keep the single wireless router/access point properly configured and secured and let it broadcast its SSID than to keep it quiet and rely on the devices that connect to it.
AFAIK, one side or the other will broadcast the SSID. The two sides need to know when to recognize each other.
Tom

Cracking a WEP pass requires some basic knowledge with networking principles & terminology, and needless to say that also requires working with command-line tools. A good knowledge of Linux OS can be helpful as well. There r several free tools in the market. And I think, other than own computer (for practice etc.), it is entirely illegal.

@TomLiotta
I wasn't 100% sure on when it was broadcast...but I found this article that seemed to explain it a little (it's the second footnoted reference in the Wikipedia article).
So, during association and reassociation (as you mentioned, when a device is trying to reassociate with a lost access point) the SSID is broadcast.
Basically, we can't use SSID hiding to truly protect anything. Same with limiting connections by MAC address. We have to have proper security and control tools in place...and that does not include WEP! ;)

WEP is not the only protocol that is vulnerable to cracking. They all are, just that the stronger keys take more time to crack, due to the number of data packets it needs to make the comparisons. Because of the limitation of the number of encryption keys in each protocol, the security key will eventually get reused. That is the weakness that is exploited.
So the time taken to crack any protocol depends on at least 2 things.
1. The number of keys available in the protocol.
2. The work load on the data channel.
So a data channel with a light work load, will take longer to crack than a channel which is used to capacity.

I agree to TechTarget's Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Processing your reply...

Ask a Question

Free Guide: Managing storage for virtual environments

Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!

To follow this tag...

I agree to TechTarget's Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network:

X

We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.